Linux Containers

Before the introduction of VM solutions, data centers were filled with physical servers. VMware introduced ESX hypervisors, and later Xen and KVM-like solutions were introduced for complete hardware virtualization, which helped reduce overall data center cost. IaaS (Infrastructure as a Service) cloud providers such as AWS and Azure use VMs and charge for them while they are up and running. Despite these advantages, VMs run a complete OS image, which can still be very resource consuming for workloads such as databases, which are memory and CPU intensive. This can cause scalability issues, and the “container” solution came to address them.

Containerization is not a new technology. Similar concepts such as FreeBSD jails or Solaris Zones existed quite a few years ago, but they needed a custom kernel, which was a major setback.

Linux containers are a technology that aims at offering a distribution- and vendor-neutral environment for the development of containerized applications. They offer a VM-like environment without the overhead of running multiple kernels and simulating all the hardware.

It allows developers to package and isolate applications together with all the files and libraries they need to run; the result is called a containerized application or image. Linux containers make it easy to move these portable, self-contained applications from development to testing and finally to production.

Developers can focus on their applications and operations teams can focus on infrastructure, which helps reduce conflicts between Dev and Operations teams. It helps teams simplify, speed up and orchestrate application development and deployment (part of continuous integration, continuous deployment and DevOps), which any modern approach to software development needs.

For a better understanding, let’s take an example.
Suppose you are developing an application on your laptop, whose configuration differs slightly from that of other developers. Your application depends on your specific configuration and files, but production environments are standardized with their own configurations and libraries. So you need to emulate those environments on your local system as closely as possible, which means recreating your server environments. This is where you probably need a container, which contains all the necessary dependencies and environment with your application on top of it. That removes the massive headache of solving dependency issues, doing QA and moving the portable app from development to test and then to production.

That was just a simple example, but the fact is that Linux container applications such as LXC, Docker etc. can be implemented in many different ways wherever portability, isolation and security are the concern. They not only support on-premise infrastructure but can also be implemented on cloud and hybrid infrastructures.

Containers do not provide complete virtualization like hypervisors, which provide hardware virtualization so that multiple OSes run on a single system. Instead, containers share the host system’s kernel and isolate the application from the rest of the system using kernel features such as namespaces and cgroups (control groups). This is called OS-level virtualization. There are six types of namespaces, which provide per-process isolation of OS resources: MNT (filesystem), IPC, network, PID, UTS and user namespaces (for UIDs and GIDs). With the MNT namespace, a filesystem mounted by one process cannot be seen by another process. Similarly, with network namespaces each process can have its own instance of the network stack: network interfaces, sockets, routing tables, routing rules and so on. The user namespace is a feature that maps a user inside the container to a user on the real host. For example, the root user inside a container can be mapped to a host user such as “nobody”, which has minimal privileges on the real host. So if someone escapes from the container, the escaped user is mapped to “nobody”, who has no privilege to change anything on the host system. Cgroups (control groups) are used to control the resources used by the processes.
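As an added example (not code from the original post), here is a small Python script that shows the isolation described above from the host side: it parses /proc/<pid>/uid_map to find out which host user a container’s root really is, and compares /proc/<pid>/ns/* against PID 1 to see which namespaces a process has been given. The /proc paths are standard Linux; the function names and sample map values are my own.

```python
# Added example (not from the post): inspect namespace isolation via /proc.
# Assumes Linux /proc; /proc/<pid>/uid_map lines: <id inside ns> <id outside ns> <count>
import os

NAMESPACES = ("mnt", "ipc", "net", "pid", "uts", "user")  # the six named in the text


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map (or gid_map) into (inside, outside, count) triples."""
    ranges = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ranges.append(tuple(int(p) for p in parts))
    return ranges


def map_to_host(inside_id, id_map):
    """Host id behind an id seen inside the namespace; None if unmapped (shows as 'nobody')."""
    for inside, outside, count in id_map:
        if inside <= inside_id < inside + count:
            return outside + (inside_id - inside)
    return None


def root_is_remapped(id_map):
    """True when uid 0 inside the namespace is NOT host root (mapped elsewhere or unmapped)."""
    return map_to_host(0, id_map) != 0


def namespace_ids(pid="self"):
    """Read /proc/<pid>/ns/*; processes in the same namespace show the same value."""
    ids = {}
    for ns in NAMESPACES:
        try:
            ids[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")  # e.g. 'net:[4026531840]'
        except OSError:
            ids[ns] = None  # namespace type unsupported, or no permission to look
    return ids


def differing_namespaces(pid="self", reference="1"):
    """Namespaces that <pid> does not share with the reference process (default: init)."""
    mine, ref = namespace_ids(pid), namespace_ids(reference)
    return sorted(ns for ns in NAMESPACES if mine[ns] != ref[ns])


if __name__ == "__main__":
    with open("/proc/self/uid_map") as f:
        uid_map = parse_id_map(f.read())
    print("namespaces not shared with PID 1:", differing_namespaces())
    print("uid 0 inside maps to host uid:", map_to_host(0, uid_map))
    print("container root is remapped:", root_is_remapped(uid_map))
```

Run it on the host against a containerized process’s PID to confirm that its root is not host root; a map of `0 0 4294967295` means no remapping at all.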

Containers can pack a lot more applications than VMs onto the same server.
Containers start and stop faster than VMs.
Containers are lightweight because they share the host kernel, but that is sometimes considered a drawback too: you cannot run BSD, OS X or Windows in a Linux-based container, since all containers share the same host kernel. It also opens up many possibilities, as a patch to the host kernel is inherited by all the containers, which can be desirable from a system-maintenance point of view.

LXC and Docker are the two popular Linux-based containers used these days. Docker used to use LXC as its containerization engine, but now Docker has its own engine. Docker provides a way to containerize complex applications and upload them to Docker Hub, so that the images can later be downloaded to public or private clouds running Docker hosts.

Microsoft has adopted Docker as its containerization packaging standard for Azure so that Linux Docker apps can run on its public cloud. Google has its own open-source container technology called LMCTFY (Let Me Contain That For You). Every time a Google service like Search, Gmail or Docs is used, a new container is actually spun up.

Linux container technology saves data centers and cloud providers millions of dollars annually in power and hardware costs.

More on LXC and Docker installation and configuration, Docker in a cluster environment (Docker Swarm), and the installation and configuration of Kubernetes (an open-source system for automating the deployment, scaling and management of containerized applications, designed on the same principles that allow Google to run billions of containers a week) will be posted soon.